Vulnerability Description
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Suse Linux Enterprise Software Development Kit | 12.0 |
| Debian | Debian Linux | 7.0 |
| Novell | Suse Linux Enterprise Desktop | 12.0 |
| Novell | Suse Linux Enterprise Server | 11 |
| Mozilla | Network Security Services | <= 3.19 |
| Mozilla | Firefox | <= 38.1.0 |
| Mozilla | Firefox Esr | 31.1 |
| Oracle | Solaris | 11.3 |
| Oracle | Vm Server | 3.2 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
- http://rhn.redhat.com/errata/RHSA-2015-1664.html
- http://rhn.redhat.com/errata/RHSA-2015-1699.html
- http://www.debian.org/security/2015/dsa-3336
- http://www.mozilla.org/security/announce/2015/mfsa2015-64.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.htmlThird Party Advisory
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmThird Party Advisory
- http://www.securityfocus.com/bid/75541
- http://www.securityfocus.com/bid/83399
- http://www.securitytracker.com/id/1032783
FAQ
What is CVE-2015-2730?
CVE-2015-2730 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptic...
How severe is CVE-2015-2730?
CVE-2015-2730 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2730?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Suse Linux Enterprise Software Development Kit, Debian Debian Linux, Novell Suse Linux Enterprise Desktop, Novell Suse Linux Enterprise Server, Mozilla Network Security Services.